CVE-2016-9077

Source
Severity High
Remote Yes
Type Information disclosure
Description
Canvas allows the use of the feDisplacementMap filter on images loaded cross-origin. The rendering by the filter is variable depending on the input pixel, allowing for timing attacks when the images are loaded from third party locations.
Group Package Affected Fixed Severity Status Ticket
AVG-72 firefox 49.0.2-1 50.0-1 Critical Fixed
Date Advisory Group Package Severity Description
16 Nov 2016 ASA-201611-16 AVG-72 firefox Critical multiple issues
References
https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-9077